Dixons Carphone has apologised to customers after revealing that millions of bank card details have been stolen by hackers.
The consumer electronics retailer, which has stores in Portsmouth and Gosport, also admitted that non-financial personal data - such as names, addresses and email details - from 1.2 million customer records had also been breached in the cyber attack,
Dixons Carphone is contacting all those affected, but sought to assure customers it had no evidence that this had resulted in fraud at this stage.
The group has said that hackers have stolen 5.9 million customer bank details, and that while the vast majority of the payment cards targeted were protected by chip and pin around 105,000 without that form of security were compromised.
Dixons Carphone added that there was no evidence of fraud on the cards as a result of the incident but that relevant card companies had been notified.
It said it had called in cyber experts and added extra security to its systems following the breach, while also since calling in the police and relevant authorities.
Dixons Carphone chief executive Alex Baldock admitted the group had ‘fallen short’ of its responsibility to protect customer data.
He said: ‘We are extremely disappointed and sorry for any upset this may cause.
‘The protection of our data has to be at the heart of our business, and we’ve fallen short here.
‘We’ve taken action to close off this unauthorised access and, though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.’
Dixons said the hack occurred in one of the processing systems of Currys PC World and Dixons Travel stores.
It said the data accessed did not contain Pin codes, card verification values (CVV) or any authentication data allowing cardholder identification or a purchase to be made.
The group added it did not believe the personal data accessed had left the group’s systems, but was advising those affected on protective steps they should take.
It comes after telecoms firm TalkTalk was hit by a major cyber attack in October 2015, which saw the personal data of nearly 160,000 people accessed by hackers and left the firm facing a record £400,000 fine for security failings.